Results Show “Time is Money” When Responding to a Data Breach
Incident Response Teams Can Lead to Significant Cost Savings
IBM Security (NYSE: IBM) has unveiled the results of a global study analyzing the financial impact of data breaches to a company’s bottom line. Sponsored by IBM and conducted by the Ponemon Institute, the study found that the total average cost paid by a company increased from 88.5 million INR to 97.3 million INR in 2016 in India.
Cybersecurity incidents continue to grow in both volume and sophistication, with 64% more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise. In fact, the study has found that companies lose up to INR 3,704 per compromised record.
Breaches in highly regulated industries were even more costly: breaches in financial institutions had a per capita cost of INR 5,544 which is well above the mean of INR 3,700.
Slow Response and Lack of Planning Cost Companies Greatly
While data breaches due to third party errors or extensive migration to the cloud increase the per capita cost, according to the study, leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach – from INR 3,704 to INR 2,498 on average. In contrast, third party involvement in the cause of the data breach increased the average cost to as much as INR 4,622.
The process of responding to a breach is extremely complex and time consuming if not properly planned for. Amongst the required activities, a company must:
Work with IT or outside security experts to quickly identify the source of the breach and stop any more data leakage
Disclose the breach to the appropriate government/regulatory officials, meeting specific deadlines to avoid potential fines
Communicate the breach with customers, partners, and stakeholders
Set up any necessary hotline support and credit monitoring services for affected customers
Each one of these steps takes countless hours of commitment from staff members, taking time away from their normal responsibilities and wasting valuable human resources to the business.
Incident response teams can expedite and streamline the process of responding to a breach, as they’re experts on what companies need to do once they realize they’ve been compromised. These teams address all aspects of the security operations and response lifecycle, from helping resolve the incident, to satisfying key industry concerns and regulatory mandates. Additionally, incident response technologies can automate this process to further speed efficiency and response time.
The study also found the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. While breaches that were identified in less than 100 days cost companies an average of INR 89.4 million, breaches that were found after the 100 day mark the average cost rose significantly to INR 105.6 million.